FAQ
Repository: hive
Updated Branches:
   refs/heads/branch-1 16be11ba5 -> 3e40a4aba


HIVE-12007 : Hive LDAP Authenticator should allow just Domain without baseDN (for AD) (Naveen Gangam via Szehon)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/3e40a4ab
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/3e40a4ab
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/3e40a4ab

Branch: refs/heads/branch-1
Commit: 3e40a4abaffc260344c2b5228d77ffd44827194f
Parents: 16be11b
Author: Szehon Ho <szehon@cloudera.com>
Authored: Mon Oct 5 10:11:47 2015 -0700
Committer: ctang <ctang.ma@gmail.com>
Committed: Fri Feb 5 15:10:54 2016 -0500

----------------------------------------------------------------------
  .../auth/LdapAuthenticationProviderImpl.java | 19 ++++++++++++-------
  1 file changed, 12 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/3e40a4ab/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
index b2c4daf..f2a4a5b 100644
--- a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
+++ b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
@@ -77,7 +77,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
              LOG.warn("Unexpected format for groupDNPattern..ignoring " + groupTokens[i]);
            }
          }
- } else {
+ } else if (baseDN != null) {
          groupBases.add("CN=%s," + baseDN);
        }

@@ -101,7 +101,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
              LOG.warn("Unexpected format for userDNPattern..ignoring " + userTokens[i]);
            }
          }
- } else {
+ } else if (baseDN != null) {
          userBases.add("CN=%s," + baseDN);
        }

@@ -151,22 +151,22 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
        // Create initial context
        ctx = new InitialDirContext(env);

- if (isDN(user)) {
+ if (isDN(user) || hasDomain(user)) {
          userName = extractName(user);
        } else {
          userName = user;
        }

- if (userFilter == null && groupFilter == null && customQuery == null) {
+ if (userFilter == null && groupFilter == null && customQuery == null && userBases.size() > 0) {
          if (isDN(user)) {
- userDN = findUserDNByDN(ctx, user);
+ userDN = findUserDNByDN(ctx, userName);
          } else {
            if (userDN == null) {
- userDN = findUserDNByPattern(ctx, user);
+ userDN = findUserDNByPattern(ctx, userName);
            }

            if (userDN == null) {
- userDN = findUserDNByName(ctx, baseDN, user);
+ userDN = findUserDNByName(ctx, baseDN, userName);
            }
          }

@@ -564,6 +564,11 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
    }

    public static String extractName(String dn) {
+ int domainIdx = ServiceUtils.indexOfDomainMatch(dn);
+ if (domainIdx > 0) {
+ return dn.substring(0, domainIdx);
+ }
+
      if (dn.indexOf("=") > -1) {
        return dn.substring(dn.indexOf("=") + 1, dn.indexOf(","));
      }

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 1 | next ›
Discussion Overview
groupcommits @
categorieshive, hadoop
postedFeb 5, '16 at 8:13p
activeFeb 5, '16 at 8:13p
posts1
users1
websitehive.apache.org

1 user in discussion

Ctang: 1 post

People

Translate

site design / logo © 2021 Grokbase